Author: Christian Kintu
Last Updated: Thu, Aug 11, 2022
Checkmk is a monitoring application that keeps track of your servers, networks, containers, databases, and installed applications. It follows the client-server model and offers a web dashboard through which you can track the uptime and status of configured hosts.
This article explains how you can monitor servers in a Vultr Virtual Private Cloud (VPC) using Checkmk. After installing Checkmk on the main VPC server, it explains how to monitor three server instances, running Ubuntu 22.04, Rocky Linux 8, and Windows 2022 respectively, on a single VPC network. The VPC and all three server instances must be in the same Vultr location.
To complete this guide, you'll need a registered domain name and the ability to update DNS for that domain.
cloud-init can configure the VPC network adapters for you.
In this step, you'll install Checkmk on the Ubuntu server, which will monitor the other hosts attached to the VPC.
Create a domain A record that points a fully-qualified domain name (FQDN) to the Ubuntu server's IP address. This guide uses the example FQDN checkmk.example.com. See our guide if you use Vultr DNS.
SSH to the server and log in as a non-root user with sudo rights.
$ ssh example-user@192.0.2.1
Update the server.
$ sudo apt update
Change the server hostname to your domain name.
$ sudo hostnamectl set-hostname checkmk.example.com
Download the latest Checkmk release file for Ubuntu from the official website.
$ wget https://download.checkmk.com/checkmk/2.1.0p8/check-mk-raw-2.1.0p8_0.jammy_amd64.deb
Install the Checkmk package on your server.
$ sudo dpkg -i check-mk-raw-2.1.0p8_0.jammy_amd64.deb
Enter Y to install all necessary dependencies on your server.
If you receive any errors, run the following command and enter yes to install missing dependencies.
$ sudo apt --fix-broken install
Verify that Checkmk is properly installed by querying the installed omd version.
$ omd version
Output:
OMD - Open Monitoring Distribution Version 2.1.0p8.cre
Create your first Checkmk monitoring site. Replace myvpc_site with your preferred site name.
$ sudo omd create myvpc_site
Output:
Creating temporary filesystem /omd/sites/myvpc_site/tmp...OK
Updating core configuration...
Generating configuration for core (type nagios)...
Precompiling host checks...OK
Executing post-create script "01_create-sample-config.py"...OK
Restarting Apache...OK
Created new site myvpc_site with version 2.1.0p8.cre.
The site can be started with omd start myvpc_site.
The default web UI is available at http://checkmk.example.com/myvpc_site/
The admin user for the web applications is cmkadmin with password: Tcbhseyf
For command line administration of the site, log in with 'omd su myvpc_site'.
After logging in, you can change the password for cmkadmin with 'htpasswd etc/htpasswd cmkadmin'.
Keep note of your assigned administrator username and password. If you changed the server hostname to your domain, a full working URL should display in the command output.
Start the Checkmk site.
$ sudo omd start myvpc_site
By default, Checkmk receives agent requests on port 8000 for the first site and increments the port number per extra site created.
Allow port 8000 through the firewall.
$ sudo ufw allow 8000/tcp
Allow the Apache HTTP port 80 to enable access to the Checkmk web interface.
$ sudo ufw allow 80/tcp
Allow HTTPS connections on port 443.
$ sudo ufw allow 443/tcp
Restart the firewall to save changes.
$ sudo ufw reload
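In this guide, agents register against the server's VPC address, so port 8000 does not need to be reachable from the internet the way ports 80 and 443 are. The following is an added example, not part of the original article: it scans `ufw status` text for VPC-only ports that are allowed from anywhere. Both sample outputs are constructed, and the narrowed rule in the comment assumes the VPC subnet 10.24.96.0/20 used later in this guide.

```shell
#!/bin/sh
# Narrower alternative to `ufw allow 8000/tcp` (subnet is an assumption):
#   sudo ufw allow from 10.24.96.0/20 to any port 8000 proto tcp

# Constructed sample: `sudo ufw status` after the three rules above.
sample_ufw_status() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
8000/tcp                   ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
8000/tcp (v6)              ALLOW       Anywhere (v6)
EOF
}

# Constructed sample: same host with port 8000 limited to the VPC subnet.
sample_ufw_status_narrowed() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
8000/tcp                   ALLOW       10.24.96.0/20
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
EOF
}

# world_open_ports "PORT PORT ..." < ufw-status-text
# Prints each listed port that is allowed from Anywhere (IPv4 or IPv6), once.
# Returns 1 if any such port was found, 0 otherwise.
world_open_ports() {
    awk -v ports="$1" '
        BEGIN { bad = 0; n = split(ports, p, " ")
                for (i = 1; i <= n; i++) internal[p[i]] = 1 }
        /ALLOW( IN)? +Anywhere/ {
            split($1, a, "/")              # "8000/tcp" -> "8000"
            if ((a[1] in internal) && !(a[1] in seen)) {
                seen[a[1]] = 1; print a[1]; bad = 1
            }
        }
        END { exit bad }
    '
}

sample_ufw_status | world_open_ports "8000" || echo "VPC-only port open to Anywhere"
```

On a live server, pipe the real output in: `sudo ufw status | world_open_ports "8000"`.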
Using a text editor, edit the default Apache virtual host file.
$ sudo nano /etc/apache2/sites-available/000-default.conf
Find the following commented directive.
#ServerName www.example.com
Uncomment it, and enter your domain name.
ServerName checkmk.example.com
Restart Apache.
$ sudo service apache2 restart
Install the Certbot Let's Encrypt client.
$ sudo snap install --classic certbot
Request a free SSL certificate. Replace checkmk.example.com with your domain name, and hello@example.com with your email address.
$ sudo certbot --apache -d checkmk.example.com -m hello@example.com --agree-tos
Test SSL certificate auto-renewal.
$ sudo certbot renew --dry-run
Restart Apache to save changes.
$ sudo service apache2 restart
Using your preferred desktop web browser, visit your Checkmk site.
https://checkmk.example.com/myvpc_site
Log in with the administrator username cmkadmin, and the random password generated by the installer.
Note that you can delete the cmkadmin user account when you create a new administrator, but should not delete the automation user as it's used with automation tools.
Checkmk uses monitoring agents to send and receive vital information on all system services. You can download a monitoring agent directly from the main Checkmk server and install it on your target client in the VPC network.
check-mk-agent-<version>.noarch.rpm file, right click and select Copy Link Address from your list of browser options to copy it to the clipboard.
SSH and log in to the Rocky Linux 8 server as a non-root sudo user.
$ ssh example-user@192.0.2.1
Download the Checkmk monitoring agent from your main Checkmk server.
$ wget https://checkmk.example.com/myvpc_site/check_mk/agents/check-mk-agent-2.1.0p6-1.noarch.rpm
Install the Checkmk agent package.
$ sudo dnf install check-mk-agent-2.1.0p6-1.noarch.rpm
Verify that the agent is installed.
$ check_mk_agent
Your output should look similar to:
<<<job>>>
<<<chrony:cached(1658403210,30)>>>
Reference ID : 94253D12 (2001:19f0:200:144b::1000)
Stratum : 3
Ref time (UTC) : Thu Jul 21 11:31:06 2022
System time : 0.000072729 seconds fast of NTP time
Last offset : +0.000043839 seconds
RMS offset : 0.000704368 seconds
Frequency : 18.389 ppm fast
Residual freq : +0.001 ppm
Skew : 0.017 ppm
Root delay : 0.081640661 seconds
Root dispersion : 0.009934294 seconds
Update interval : 1030.7 seconds
Leap status : Normal
<<<local:sep(0)>>>
By default, Firewalld is active on Rocky Linux. Follow these steps to allow the Checkmk agent to receive monitoring requests on the default port 6556 over the VPC network.
Create a new zone. Replace myVPC with your preferred label.
$ sudo firewall-cmd --new-zone=myVPC --permanent
Assign the zone to the VPC network.
$ sudo firewall-cmd --zone=myVPC --add-source=10.24.96.0/20 --permanent
Allow the Checkmk agent port 6556 on the zone.
$ sudo firewall-cmd --zone=myVPC --add-port=6556/tcp --permanent
Restart the firewall to save changes.
$ sudo firewall-cmd --reload
In a web browser, access the Checkmk server.
https://checkmk.example.com/myvpc_site
Navigate to Setup, and click Hosts.
Enter your Checkmk server address in the URL bar.
https://checkmk.example.com/myvpc_site
Log in to the Checkmk server using your administrator username and password.
Enter the following command to verify that the Checkmk agent is properly installed.
> "C:\Program Files (x86)\checkmk\service\cmk-agent-ctl.exe" status
Your output should look like the one below:
Version: 2.1.0p8
Agent socket: operational
IP allowlist: any
Legacy mode: enabled
No connections
The Checkmk agent creates all necessary firewall rules. Open the command prompt and ping the Checkmk server VPC address to verify if you have a connection to the server.
> ping 192.0.2.1
To restrict the Checkmk agent to only VPC connections, navigate to Windows Defender Firewall with Advanced Security under the Windows Administrative Tools group on the start menu.
Access your Checkmk server.
https://checkmk.example.com/myvpc_site
Navigate back to Hosts, and set up the Windows Server Checkmk agent.
Enter the following command to establish a connection to the server. Replace windows-host with your actual hostname, 192.0.2.1 with the Checkmk server VPC network address, and strong-password with the actual cmkadmin password you set earlier.
> "C:\Program Files (x86)\checkmk\service\cmk-agent-ctl.exe" ^
    register ^
    --hostname windows-host ^
    --server 192.0.2.1 --site myvpc_site ^
    --user cmkadmin --password strong-password
Your output should look similar to:
Attempting to register at 192.0.2.1:8000/myvpc_site. Server certificate details:
PEM-encoded certificate:
-----BEGIN CERTIFICATE-----
MIIC8TCCAdmgAwIBAgIUcNQ97zkUr3VZO145hYSSzwsoIvUwDQYJKoZIhvcNAQEL
BQAwJTEjMCEGA1UEAwwaU2l0ZSAnbXl2cGNfc2l0ZScgbG9jYWwgQ0EwIBcNMjIw
NzIxMTMxOTA0WhgPMzAyMDExMjExMzE5MDRaMBUxEzARBgNVBAMMCm15dnBjX3Np
vIIo8dYGwdwZBeresgWIgJuWVdSbdq4CuzLd+U+o2oYY4SmQdQ==
-----END CERTIFICATE-----
Issued by:
Site 'myvpc_site' local CA
Issued to:
myvpc_site
Validity:
From Thu, 21 Jul 2022 13:19:04 +0000
To Tue, 21 Nov 3020 13:19:04 +0000
Do you want to establish this connection? [Y/n]
>
Enter Y to establish a connection to the Checkmk server. If the connection fails, make sure that port 8000 is open on the main server firewall, or confirm that you created the Host on the Checkmk server before initiating the agent connection.
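The status output shown before registration reports "IP allowlist: any" and "Legacy mode: enabled": the agent accepts queries from any source address and, in legacy mode, answers on port 6556 without TLS. The following is an added example, not part of the original article: it checks captured `cmk-agent-ctl status` text for those settings. The first sample is the output shown in this guide; the second is constructed, and its field values are assumptions.

```shell
#!/bin/sh
# Status output as shown in this guide, before registration.
status_before() {
cat <<'EOF'
Version: 2.1.0p8
Agent socket: operational
IP allowlist: any
Legacy mode: enabled
No connections
EOF
}

# Constructed variant for comparison (values are assumptions, not captured output).
status_restricted() {
cat <<'EOF'
Version: 2.1.0p8
Agent socket: operational
IP allowlist: 10.24.96.1
Legacy mode: disabled
EOF
}

# audit_agent_status < status-text
# Prints one finding per line and returns 1 if anything was found:
#   allowlist-any  agent answers any source address
#   legacy-mode    agent still serves data without TLS
#   socket-down    agent socket is not operational
audit_agent_status() {
    # Output copied from a Windows console may carry CR line endings.
    tr -d '\r' | awk -F': *' '
        BEGIN { bad = 0 }
        $1 == "IP allowlist" && $2 == "any"         { print "allowlist-any"; bad = 1 }
        $1 == "Legacy mode"  && $2 == "enabled"     { print "legacy-mode";   bad = 1 }
        $1 == "Agent socket" && $2 != "operational" { print "socket-down";   bad = 1 }
        END { exit bad }
    '
}

status_before | audit_agent_status || echo "review the findings above"
```

Run the status command again after registering and feed its output to `audit_agent_status` to confirm which findings remain.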
You have successfully installed Checkmk and set up monitoring for servers in a single Vultr Virtual Private Cloud (VPC). Server monitoring is fast with low latency when monitored servers are on the same private network. It's also possible to monitor other servers over the public internet, although the latency will be higher.
To track services on the main Checkmk server, install the Checkmk agent, and add the host with the address 127.0.0.1 to your Checkmk web interface as explained in this article.
For more information on how you can use Checkmk and monitor more services on your servers, please visit the following articles.